Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'v6.12-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:

- Fix possible double free setting xattrs

- Fix slab out of bounds with large ioctl payload

- Remove three unused functions, and an unused variable that could be
confusing

* tag 'v6.12-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: Remove unused functions
smb/client: Fix logically dead code
smb: client: fix OOBs when building SMB2_IOCTL request
smb: client: fix possible double free in smb2_set_ea()

+11 -58
-9
fs/smb/client/cifsproto.h
··· 252 252 unsigned int to_read); 253 253 extern ssize_t cifs_discard_from_socket(struct TCP_Server_Info *server, 254 254 size_t to_read); 255 - extern int cifs_read_page_from_socket(struct TCP_Server_Info *server, 256 - struct page *page, 257 - unsigned int page_offset, 258 - unsigned int to_read); 259 255 int cifs_read_iter_from_socket(struct TCP_Server_Info *server, 260 256 struct iov_iter *iter, 261 257 unsigned int to_read); ··· 619 623 int cifs_alloc_hash(const char *name, struct shash_desc **sdesc); 620 624 void cifs_free_hash(struct shash_desc **sdesc); 621 625 622 - struct cifs_chan * 623 - cifs_ses_find_chan(struct cifs_ses *ses, struct TCP_Server_Info *server); 624 626 int cifs_try_adding_channels(struct cifs_ses *ses); 625 627 bool is_server_using_iface(struct TCP_Server_Info *server, 626 628 struct cifs_server_iface *iface); ··· 634 640 void 635 641 cifs_chan_clear_in_reconnect(struct cifs_ses *ses, 636 642 struct TCP_Server_Info *server); 637 - bool 638 - cifs_chan_in_reconnect(struct cifs_ses *ses, 639 - struct TCP_Server_Info *server); 640 643 void 641 644 cifs_chan_set_need_reconnect(struct cifs_ses *ses, 642 645 struct TCP_Server_Info *server);
-4
fs/smb/client/compress.c
··· 166 166 loff_t start = iter->xarray_start + iter->iov_offset; 167 167 pgoff_t last, index = start / PAGE_SIZE; 168 168 size_t len, off, foff; 169 - ssize_t ret = 0; 170 169 void *p; 171 170 int s = 0; 172 171 ··· 191 192 p = kmap_local_page(folio_page(folio, j)); 192 193 memcpy(&sample[s], p, len2); 193 194 kunmap_local(p); 194 - 195 - if (ret < 0) 196 - return ret; 197 195 198 196 s += len2; 199 197
-12
fs/smb/client/connect.c
··· 795 795 } 796 796 797 797 int 798 - cifs_read_page_from_socket(struct TCP_Server_Info *server, struct page *page, 799 - unsigned int page_offset, unsigned int to_read) 800 - { 801 - struct msghdr smb_msg = {}; 802 - struct bio_vec bv; 803 - 804 - bvec_set_page(&bv, page, to_read, page_offset); 805 - iov_iter_bvec(&smb_msg.msg_iter, ITER_DEST, &bv, 1, to_read); 806 - return cifs_readv_from_socket(server, &smb_msg); 807 - } 808 - 809 - int 810 798 cifs_read_iter_from_socket(struct TCP_Server_Info *server, struct iov_iter *iter, 811 799 unsigned int to_read) 812 800 {
-32
fs/smb/client/sess.c
··· 115 115 ses->chans[chan_index].in_reconnect = false; 116 116 } 117 117 118 - bool 119 - cifs_chan_in_reconnect(struct cifs_ses *ses, 120 - struct TCP_Server_Info *server) 121 - { 122 - unsigned int chan_index = cifs_ses_get_chan_index(ses, server); 123 - 124 - if (chan_index == CIFS_INVAL_CHAN_INDEX) 125 - return true; /* err on the safer side */ 126 - 127 - return CIFS_CHAN_IN_RECONNECT(ses, chan_index); 128 - } 129 - 130 118 void 131 119 cifs_chan_set_need_reconnect(struct cifs_ses *ses, 132 120 struct TCP_Server_Info *server) ··· 473 485 474 486 ses->chans[chan_index].iface = iface; 475 487 spin_unlock(&ses->chan_lock); 476 - } 477 - 478 - /* 479 - * If server is a channel of ses, return the corresponding enclosing 480 - * cifs_chan otherwise return NULL. 481 - */ 482 - struct cifs_chan * 483 - cifs_ses_find_chan(struct cifs_ses *ses, struct TCP_Server_Info *server) 484 - { 485 - int i; 486 - 487 - spin_lock(&ses->chan_lock); 488 - for (i = 0; i < ses->chan_count; i++) { 489 - if (ses->chans[i].server == server) { 490 - spin_unlock(&ses->chan_lock); 491 - return &ses->chans[i]; 492 - } 493 - } 494 - spin_unlock(&ses->chan_lock); 495 - return NULL; 496 488 } 497 489 498 490 static int
+2 -1
fs/smb/client/smb2ops.c
··· 1158 1158 struct cifs_fid fid; 1159 1159 unsigned int size[1]; 1160 1160 void *data[1]; 1161 - struct smb2_file_full_ea_info *ea = NULL; 1161 + struct smb2_file_full_ea_info *ea; 1162 1162 struct smb2_query_info_rsp *rsp; 1163 1163 int rc, used_len = 0; 1164 1164 int retries = 0, cur_sleep = 1; ··· 1179 1179 if (!utf16_path) 1180 1180 return -ENOMEM; 1181 1181 1182 + ea = NULL; 1182 1183 resp_buftype[0] = resp_buftype[1] = resp_buftype[2] = CIFS_NO_BUFFER; 1183 1184 vars = kzalloc(sizeof(*vars), GFP_KERNEL); 1184 1185 if (!vars) {
+9
fs/smb/client/smb2pdu.c
··· 3313 3313 return rc; 3314 3314 3315 3315 if (indatalen) { 3316 + unsigned int len; 3317 + 3318 + if (WARN_ON_ONCE(smb3_encryption_required(tcon) && 3319 + (check_add_overflow(total_len - 1, 3320 + ALIGN(indatalen, 8), &len) || 3321 + len > MAX_CIFS_SMALL_BUFFER_SIZE))) { 3322 + cifs_small_buf_release(req); 3323 + return -EIO; 3324 + } 3316 3325 /* 3317 3326 * indatalen is usually small at a couple of bytes max, so 3318 3327 * just allocate through generic pool